Group Policy entry to allow remote administration to domain computers

Jim Ryan 1 Reputation point
2021-04-25T16:05:30.027+00:00

I would like to configure the entries needed to create a GPO for my domain (Server 2012) that will allow me to do remote administration of the computers (Computer Management) from my own computer. So to put it another way, I want to be able to open Computer Management on my machine, and, while connected to the VPN, do a "connect to another computer" and be able to configure devices and such. It seems I can do it with some computers and not others. So I want to create the GPOs necessary to have them all set up the same way. I am the domain admin.

Thanks.

Windows

1 answer

  1. Fan Fan 15,291 Reputation points Microsoft Vendor
    2021-04-26T00:08:36.23+00:00

    Hi,
    When you can't do it with some computers, what's the error message?
    Based on my understanding, you want the user to have rights to RDP to other computers and, at the same time, you want the user to have the administrative permission, right?
    If I misunderstand you, please feel free to let me know.

    If you want to assign the RDP permission to a user on all the computers in the domain, you can configure the policy as follows:
    Create a GPO and link it to the domain level.
    Right click the GPO and select edit.
    Navigate to Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment
    Add the administrators and users you want to assign the RDP permission. This policy will overwrite the default settings.

    Navigate to Computer Configuration >> Administrative Templates >> Windows Components >> Remote Desktop Services >> Remote Desktop Session Host >> Connections.
    On the right-side panel, double-click Allow users to connect remotely using Remote Desktop Services.
    Select Enabled and click Apply if you want to enable Remote Desktop.
    For the administrative permission, you may consider the following method:
    Add the user to the local administrators group
    Or perform delegation control through DUC.

    To add the user to the local administrators group:
    Open the GPO and navigate to Computer Configuration -> Policies -> Windows Settings -> Security Settings -> Restricted Groups.
    Right-click and choose Add Group. If you want to add users to the local administrators group, enter Administrators.
    In the next window under “Members of this group:” click Add and choose the users to add to the local administrators group.
    Note that any users that are currently in the local administrators group will be removed and replaced with the users you select here. If that is what you want, click OK and close the GPO.

    For the delegation control, you can refer to the following link:
    https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/plan/delegating-administration-by-using-ou-objects

    Best Regards,
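
Because the Restricted Groups setting described in the answer replaces the existing members of the local Administrators group, it helps to preview what each computer would lose or gain before the GPO is linked. The following is an added example, not part of the original answer; the function name `Get-RestrictedGroupImpact`, the CONTOSO accounts and the computer names are constructed for illustration.

```powershell
# Added example (not from the original answer). All names and data are constructed.
# Previews the effect of a Restricted Groups "Members of this group" list
# on the local Administrators group of each computer.
function Get-RestrictedGroupImpact {
    [CmdletBinding()]
    param(
        # Current members per computer, e.g. @{ 'PC01' = @('CONTOSO\alice') }
        [Parameter(Mandatory)] [hashtable] $CurrentMembers,
        # Accounts that will be entered under "Members of this group:" in the GPO
        [Parameter(Mandatory)] [string[]] $PlannedMembers
    )
    foreach ($computer in ($CurrentMembers.Keys | Sort-Object)) {
        $current = @($CurrentMembers[$computer])
        [pscustomobject]@{
            Computer = $computer
            # -notin compares case-insensitively, which matches account-name semantics
            Removed  = @($current | Where-Object { $_ -notin $PlannedMembers })
            Added    = @($PlannedMembers | Where-Object { $_ -notin $current })
            Kept     = @($current | Where-Object { $_ -in $PlannedMembers })
        }
    }
}

# Constructed sample inventory. On a live domain, collect it per machine, for
# example (requires WinRM and Windows PowerShell 5.1 on the target):
#   Invoke-Command -ComputerName PC01 -ScriptBlock {
#       (Get-LocalGroupMember -Group Administrators).Name }
$current = @{
    'PC01' = @('CONTOSO\Domain Admins', 'CONTOSO\helpdesk-jane', 'CONTOSO\svc-backup')
    'PC02' = @('CONTOSO\Domain Admins')
    'PC03' = @('contoso\domain admins', 'CONTOSO\Workstation-Admins')
}

# The list planned for the Restricted Groups entry "Administrators"
$planned = @('CONTOSO\Domain Admins', 'CONTOSO\Workstation-Admins')

$report = Get-RestrictedGroupImpact -CurrentMembers $current -PlannedMembers $planned

# Show only computers where the policy would take someone's admin rights away
$report | Where-Object { $_.Removed.Count -gt 0 } |
    Format-Table Computer, Removed, Added -AutoSize
```

Any account that appears under `Removed` loses local administrator rights on that computer at the next policy refresh, so service accounts listed there need to be added to the planned list or moved to another mechanism first.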